Community Blog

Palo Alto Networks protects against WanaCrypt0r and other ransomware attacks

by ‎05-16-2017 09:37 AM - edited ‎05-16-2017 02:00 PM (9,933 Views)

If you have been paying any attention to the news about ransomware attacks that have been popping up lately, you will notice that one called “WannaCry” or “WanaCrypt0r”. This one has been aggressive in its attack, by using the SMB Protocol and exploiting the EternalBlue(CVE-2017-0144) on Microsoft Windows systems.

 

Microsoft has published details about the WanaCryp0r attacks here:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 

The good news is that Palo Alto Networks Next Generation Security Platform automatically created, delivered and enforced protections to defend from this attack.

 

Our very own Threat Prevention group has a blog covering this topic here:
UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

 

The Live Community team would like to help provide all the information needed to help configure your Next Generation Firewalls to be secure from attacks.

 

Palo Alto Networks can help prevent this ransomware attack with the following technologies:

The first link is to an article that describes in detail about how to configure ransomware prevention:
Best Practices for Ransomware Prevention

 

Other ways to protect yourself

As far as what else can be done, here are 8 ways that you can help protect yourself from WannaCry and other ransomware:

  1. Always install the latest Security Updates – It goes without saying to stay updated, as a lot of vulnerabilities are caught and patched almost daily. By keeping your machine updated, you prevent those vulnerabilities from being a risk on your machine.
  2. Patch SMB vulnerability – Microsoft has released specific SMB patches to protect against this attack here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx  Also, Microsoft has even gone so far to release SMB patches for Unsupported versions of Windows (Windows XP, Vista, Server 2003 and Server 2008) here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/  Note: Please note that Windows 10 users are not vulnerable to this SMB vulnerability at this time.
  3. Disable SMB – SMB in question is Server Message Block version 1. It goes without saying that if you are not using SMB inside of your network, to please disable it. To disable SMB, please follow these 4 steps:
    1. Inside the Windows Control Panel, click ‘Programs’
    2. Open ‘Features’ and click ‘Turn Windows Features on and off.”
    3. Now scroll down to find ‘SMB 1.0 /CIFS File Sharing Support’ and uncheck it.
    4. Click OK, close control panel and restart the computer.
  4. Enable hardware or software Firewalls and block SMB ports – It is vitally important to always have a firewall enabled. If you do use SMB inside of your network, then you can configure your firewall to block access to SMB ports on the Internet. SMB operates on TCP port 137, 139 and 445, and UDP port 137 and 138.
  5. Use an AntiVirus program – Again, a very simple point, to keep your AntiVirus of choice running and updated.
  6. Be cautious of Unknown Emails, Websites or Apps – Most ransomware uses phishing emails to get users to click on links. Always use caution when viewing uninvited documents or links.
  7. Backup your files regularly – This is always a great idea, to be prepared in the event your hard drive dies or you are hit with Ransomware, you have something to go back to.
  8. Keep up to date on your security knowledge – Cyberattacks and vulnerabilities appear in the news every day for popular software and services, such as Android, iOS, Windows, Linux and Mac. The more you are in the know on these activities in the Cyber World, this keeps your knowledge up to date and allows you to be more aware about these vulnerabilities and ways to prevent/avoid them.

As always, we welcome comments and feedback in the comments section below.

 

Thanks for reading.

Stay secure!

Joe Delio

Comments
by jesperc
on ‎03-22-2019 12:30 AM

Yesterday we tried to run a tool called RanSim from Knowbe4 and Traps did very poorly. My machine is running Traps 6.0 and it was vulnerable to 13 out of 14 attacks.

 

Have you heard about this tool and what could be the reason for the bad result?

 

https://www.knowbe4.com/ransomware-simulator

by
on ‎03-22-2019 07:34 AM

@jesperc , I have not heard of this tool, but if Traps is not catching these threats, then you need to contact our Endpoint Support so this can be reported and verified. 

Ask Questions Get Answers Join the Live Community
Labels